A launchpad for the Near Protocol called Skyward Finance was drained for $3 million in wrapped Near tokens.
The Skyward Finance team confirmed the fraud, saying that “a contract exploit has been used to drain the Skyward Treasury.”
The exploit, according to security company BlockSec, was used in just one transaction. In this transaction, the hacker redeemed from Skyward’s Treasury Contract more than 1.1 million wrapped Near tokens worth $3 million in a loop.
Anyone who desired to exchange wrapped Near tokens for Skyward Finance tokens was able to use the contract.
According to a statement provided by the company, BlockSec discovered a flaw in the contract’s token-redemption function that neglected to check for duplicate token account IDs.
The incident occurs as cryptocurrency hacks increase. As many as 44 exploits were responsible for more than $650 million in losses just last month.